package com.smashcrush.server.filter;

import java.io.IOException;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.smashcrush.server.context.SecurityContext;


public class SecurityContextFilter implements Filter {

	private static final Log log = LogFactory
			.getLog(SecurityContextFilter.class);

	private static String SESSION_KEY = SecurityContextFilter.class.getName();

	/**
	 * A root path to ignore
	 */
	public static final String FILTER_MAPPING_PARAM = "ignoreFilterMappingUrlPattern";

	String ignoreFilterMappingUrlPattern;

	public void init(FilterConfig config) throws ServletException {
		ignoreFilterMappingUrlPattern = config
				.getInitParameter(FILTER_MAPPING_PARAM);
	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {

		// skip non-http requests
		if (!(request instanceof HttpServletRequest)) {
			chain.doFilter(request, response);
			return;
		}

		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;
//System.out.println(IOUtils.toString(httpRequest.getInputStream()));
		
		
		if (ignoreFilterMappingUrlPattern != null
				&& httpRequest.getRequestURI().startsWith(
						ignoreFilterMappingUrlPattern)) {
			chain.doFilter(request, response);
			return;
		}

		HttpSession httpSession = httpRequest.getSession(true);

		SecurityContext context = (SecurityContext) httpSession
				.getAttribute(SESSION_KEY);

		if (context == null) {
			context = new SecurityContext();

			Locale locale = request.getLocale();
			if (locale == null) {
				locale = Locale.ENGLISH;
			}

			httpSession.setAttribute(SESSION_KEY, context);
		}

		SecurityContext.set(context);

		// clear session if session id in URL
		if (httpRequest.isRequestedSessionIdFromURL()) {
			HttpSession session = httpRequest.getSession();
			if (session != null)
				session.invalidate();
		}

		// wrap response to remove URL encoding
		HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(
				httpResponse) {
			@Override
			public String encodeRedirectUrl(String url) {
				return url;
			}

			@Override
			public String encodeRedirectURL(String url) {
				return url;
			}

			@Override
			public String encodeUrl(String url) {
				return url;
			}

			@Override
			public String encodeURL(String url) {
				return url;
			}
		};

		// process next request in chain
		chain.doFilter(request, wrappedResponse);

		// clean up
		SecurityContext.unset();
	}

	public void destroy() {

	}

}
